version 1.188, 2004/05/22 16:01:05 |
version 1.189, 2004/06/13 14:01:42 |
|
|
supports hostbased or challenge response authentication. |
supports hostbased or challenge response authentication. |
.Pp |
.Pp |
Protocol 2 provides additional mechanisms for confidentiality |
Protocol 2 provides additional mechanisms for confidentiality |
(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) |
(the traffic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour) |
and integrity (hmac-md5, hmac-sha1). |
and integrity (hmac-md5, hmac-sha1, hmac-ripemd160). |
Note that protocol 1 lacks a strong mechanism for ensuring the |
Note that protocol 1 lacks a strong mechanism for ensuring the |
integrity of the connection. |
integrity of the connection. |
.Ss Login session and remote execution |
.Ss Login session and remote execution |
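Review bot: The parenthetical algorithm lists in the protocol 2 overview ("AES, 3DES, Blowfish, CAST128 or Arcfour" and "hmac-md5, hmac-sha1, hmac-ripemd160") are prose enumerations that now have to be updated by hand alongside the cipher list this same change adds under -c. The overview names "AES" without a mode while the -c text distinguishes the cbc and ctr variants. Consider pointing the overview at the -c description instead of repeating the names, so the two cannot drift apart.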
|
|
configuration files; see the |
configuration files; see the |
.Cm Compression |
.Cm Compression |
option. |
option. |
.It Fl c Ar blowfish | 3des | des |
.It Fl c Ar cipher_spec |
Selects the cipher to use for encrypting the session. |
Selects the cipher specification for encrypting the session. |
|
.Pp |
|
Protocol version 1 allows specification of a single cipher. |
|
The suported values are |
|
.Dq 3des , |
|
.Dq blowfish |
|
and |
|
.Dq des . |
.Ar 3des |
.Ar 3des |
is used by default. |
|
It is believed to be secure. |
|
.Ar 3des |
|
(triple-des) is an encrypt-decrypt-encrypt triple with three different keys. |
(triple-des) is an encrypt-decrypt-encrypt triple with three different keys. |
|
It is believed to be secure. |
.Ar blowfish |
.Ar blowfish |
is a fast block cipher; it appears very secure and is much faster than |
is a fast block cipher; it appears very secure and is much faster than |
.Ar 3des . |
.Ar 3des . |
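Review bot: The added line "The suported values are" in the new protocol 1 paragraph misspells "supported". In the same paragraph the values are introduced with .Dq ("3des", "blowfish", "des"), while the descriptions that follow keep .Ar for the same names; using one macro for cipher names throughout the -c entry would render them consistently.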
|
|
.Ar 3des |
.Ar 3des |
cipher. |
cipher. |
Its use is strongly discouraged due to cryptographic weaknesses. |
Its use is strongly discouraged due to cryptographic weaknesses. |
.It Fl c Ar cipher_spec |
The default is |
Additionally, for protocol version 2 a comma-separated list of ciphers can |
.Dq 3des . |
be specified in order of preference. |
.Pp |
See |
For protocol version 2 |
.Cm Ciphers |
.Ar cipher_spec |
for more information. |
is a comma-separated list of ciphers |
|
listed in order of preference. |
|
The supported ciphers are |
|
.Dq 3des-cbc , |
|
.Dq aes128-cbc , |
|
.Dq aes192-cbc , |
|
.Dq aes256-cbc , |
|
.Dq aes128-ctr , |
|
.Dq aes192-ctr , |
|
.Dq aes256-ctr , |
|
.Dq arcfour , |
|
.Dq blowfish-cbc , |
|
and |
|
.Dq cast128-cbc . |
|
The default is |
|
.Bd -literal |
|
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, |
|
aes192-cbc,aes256-cbc'' |
|
.Ed |
.It Fl D Ar port |
.It Fl D Ar port |
Specifies a local |
Specifies a local |
.Dq dynamic |
.Dq dynamic |
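Review bot: The protocol 2 part of the -c entry drops the cross-reference "See .Cm Ciphers for more information" and inlines the supported list and the default in its place, so the man page now carries its own copy that must be kept in step by hand. Keep the pointer to .Cm Ciphers after the default. The default is also split across two lines inside one quoted string in the .Bd -literal block, which renders the line break verbatim, so a reader copying it gets a newline in the middle of the list. A sentence saying the value is a single comma-separated string with no whitespace would avoid that.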